Glossary of Common Terms
A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser.
Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it’s important to update your anti-virus software regularly.
An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party.
The illegal practice of collecting email accounts from information available in the public domain or by using software to search for email addresses stored locally on a computer. Account harvesting is a basis for spamming.
Advanced Encryption Standard. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.
An independent review and examination of the validity, accuracy and reliability of information contained in a system. Systems may be audited under legislation.
In a computer system, a backdoor refers to an overlooked or hidden entry into a computer system. A backdoor allows a hacker or other unauthorised user to bypass a password requirement and to gain access to a computer.
A list of items – such as applications or programs – that may not be opened or executed in a system. It is the opposite of a whitelist, which confirms that items are acceptable.
The name ‘bot’ is short for ‘robot’. It’s a software application that runs automated tasks controlled remotely via the internet. A malicious bot can infect your computer, and gather passwords and financial information. An infected computer is sometimes called a zombie. A network or group of bots is called a botnet.
The stored electronic information pertaining to a physical or behavioral characteristic of a human being.
Internet predators who create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.
A model for enabling on-demand network access to a shared pool of configurable IT capabilities/ resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud).
Common Operating Environment. A standardised build of an operating system and associated software that works across multiple devices. It is deployed on multiple devices to minimise the potential for incompatibilities, and to improve the ability to address any issues that arise.
The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorised use, or prevent their undetected modification.
An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.
A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Crimes that either: are performed using digital devices such as computers, phones etc. to perpetuate criminal activities; or where computer systems are the target of the attack, as in hacking, denial of service attacks etc.
Denial of Service. The prevention of authorised access to resources or the delaying of time -critical operations.
The accumulated information about you on the Internet, left behind like a footprint. This information may be from a variety of sources such as company, community, interest or sport group websites you belong to, your own website, social media such as Facebook, Instagram, Twitter and Linkedin, websites you have shopped at, commented on and so on.
Distributed Denial of Service Attack. A denial of service attack coming from many computers at once, attempting to make a system unavailable to users by ‘flooding’ the system with Internet traffic.
A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises.
A security tool that protects an individual computer or even an entire network from unauthorised attempts to access your system. Firewalls often protect e-mail servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission.
An attack that attempts to cause a failure in a system by providing more input than the system can process properly.
Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures.
A hacker is someone who has the technical know-how to intentionally breach or "hack" into a computer system or network.
Hypertext Transfer Protocol. This is the standard language that computers use to communicate with each other on the Internet.
The mechanical parts of a computer system, including the central processing unit (CPU), monitor, keyboard, and mouse, as well as other equipment like printers and speakers, and mobile devices such as tablets and smart phones.
Collecting information of potential value such as email addresses, passwords and credit card details, usually for resale in an underground market.
Information and Communications Technology. General term for technology associated with the distribution of electronically generated and stored information, and associated communications such as the internet, networking and telecommunications-related infrastructure and concepts.
A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
Incident Response Plan. The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organisation’s information system(s).
Internet of Things. A term given to all devices connected to the Internet, including traditional devices such as computers, mobile phones etc. It also includes household items that are internet-enabled, cars, smart meters, smart lights, etc.
The Internet is the single, interconnected, worldwide system of commercial,governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB), and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).
Standard protocol for transmission of data from source to destinations in packet - switched communications networks and interconnected systems of such networks.
A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency).
Intrusion Detection System. Hardware or software product that gathers and analyses information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisation) and misuse (attacks from within the organisation).
An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable.
In cryptography, a key is a value that determines the output of an cryptographic algorithm when transforming plain text to encrypted text. The key is also necessary to convert the encrypted text back to plain text to be readable and usable once again.
Lightweight Direct Access Protocol. Authentication and authorisation data repository used to query and modify user acess permissions and granting access to protected resources.
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
This term refers to any "malicious software" created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.
A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.
Information that describes data. This can include how the data was created, the time and date of creation, the author of the data, and the location on a network where the data was created. Examples of metadata include descriptive information about a phone call, such as location, device, duration, number dialed, number of origin etc.
Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
Network Address Translation. A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema.
Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other.
Any information that can personally identify you, such as your name, address, phone numbers, your schedule, tax file number, bank account number, credit card account numbers, family members’ names or friends’ names.
Phishing refers to an instant message or e-mail message meant to lure recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, bank account numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the "bait," often have their money or identities stolen.
An update to an operating system, application, or other software issued specifically to correct particular problems with the software.
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
A way of harvesting personal information, where a hacker puts malicious code on your computer that redirects you (usually without your knowledge) to a fake site that asks you to enter personal data. Often the pharming website looks like the legitimate website that was being requested.
Set of rules and formats, semantic and syntactic, permitting information systems to exchange information.
An application that “ breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it.
The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.
Privacy impact assessment. A PIA is a process which helps an organisation to identify and reduce the privacy risks of a project. An effective PIA will be used throughout the development and implementation of a project, using existing project management processes.
Malware that handicaps computer functionality, e.g. through browser hijacking or encrypting personal data, and offers to restore the functionality or data for a fee.
Access by users (or information systems) communicating external to an information system security perimeter.
The level of impact on organisational operations (including mission, functions, image, or reputation), organisational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
Process that identifies valuable system resources and threats; quantifies loss exposures (that is, loss potential) based on estimated frequencies and costs of occurrence; and (optionally) recommends how to allocate resources to counter measures so as to minimise total exposure.
A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root -level access to the host through covert means
Unsolicited, commercial e-mail messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address.
Forging an e-mail or instant message address to make it appear as if it came from someone or somewhere other than the true source. Whole Web sites can also be spoofed, tricking users into providing their passwords or other personal information, such as their credit card information.
Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user's knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record key stokes to steal personal information, such as credit card numbers, bank account information or passwords.
A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.
Secure Socket Layer. A protocol used for protecting private information during transmission via the Internet.
Service level Agreement. Defines the specific responsibilities of the service provider and sets the customer expectations.
A Trojan horse refers to a malicious program that enters a computer or system disguised or embedded within legitimate software. Once installed on a computer, a Trojan horse will delete files, access your personal information, reconfigure your computer or even allow hackers to use your computer as a weapon against other computers on a network.
Any circumstance or event with the potential to adversely impact organisational operations (including mission, functions, image, or reputation), organisational assets, or individuals through an information system via unauthorised access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
Trusted Operating Environment. An operating environment that has security controls applied so that it is known, its integrity is checked, and it is of minimised risk.
User Interface. This is any aspect of a computer that is used by a person to input information into the computer (i.e. keyboard, mouse, etc) or to view data (screen, monitor).
Occurs when a user, legitimate or unauthorised, accesses a resource that the user is not permitted to use.
A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed.
Virtual Private Network. A virtual network, built on top of existing physical networks, that provides a secure communications tunnel for data and other information transmitted between networks.
A weakness in a system, application, or network that is subject to exploitation or misuse.
A computer worm is a program built to reproduce itself and spread across a network, rendering it ineffective. A worm may be designed to complete several different malicious activities. However, one common denominator is that a worm can harm a network by consuming large amounts of bandwidth, potentially shutting the network down.
A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organisation and/or information system.